
Confused by AssertionConsumerService reply URL


xnetdude
New Member (13 reputation)

Group: Awaiting Activation
Posts: 5, Visits: 37
Hi,

We are totally new to SAML and testing ComponentSpace middleware inside an ASP.NET Core 2.1 web app, so sorry for the newbie Q.

For some time we have been using other authentication methods (e.g. Google and Microsoft) without a problem and they require the reply URL (AssertionConsumerService) to be (for example) https://ourdomain.com/signin-microsoft. They all need the "signin-" bit.

As we are using ComponentSpace middleware with Microsoft Identity, we assume it requires the same format as the return URL, otherwise we don't understand how the standard "ExternalLogin.cshtml.cs" file gets called when redirected back from, in this instance, Microsoft Azure.

What confuses us further is that in the middleware demo it happily shows the reply URL as "https://localhost:44374/SAML/AssertionConsumerService" yet we cannot see any custom classes dealing with this return page.  

Essentially the question is, how do we get our "ExternalLogin.cshtml.cs" called so we can then use our existing logic because at the moment we are simply seeing a 404 following the redirect from Azure after successfully logging into Azure.

**UPDATE**

It seems Azure is correctly sending us back to https://localhost:44335/SAML/AssertionConsumerService with a SAMLResponse and receiving a HTTP 302 status code, but our application is forwarding to our error page as SAML/AssertionConsumerService seems not to be handled.

We have this in the startup.cs class:

services.AddAuthentication()
    .AddSaml(options =>
    {
        // Name of the partner identity provider, read from configuration
        options.PartnerName = () => Configuration["PartnerName"];
    });

and also

services.AddSaml(config => ConfigureSaml(config));

So not sure why ComponentSpace is not handling the response.

**END OF UPDATE**

Hope that makes sense?!

Thanks.


ComponentSpace
ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
By default, the SAML authentication handler expects the SAML response to be received at the SAML/AssertionConsumerService endpoint. We use this URL as it describes its function in the terminology of the SAML specification (ie an assertion consumer service). If required, this can be changed through the SamlAuthenticationOptions.AssertionConsumerServicePath.

The SAML authentication handler will receive and process the SAML response from the partner identity provider. If the SAML response is processed successfully, it will sign-in the user using the configured sign-in scheme. This defaults to Identity.External but can be changed through the SamlAuthenticationOptions.SignInScheme.

It then redirects to the login completion URL specified through the SamlAuthenticationOptions.LoginCompletionUrl. To tie in with Microsoft Identity, this defaults to "/Identity/Account/ExternalLogin?handler=Callback".

If there's still an issue, please enable SAML trace and send the generated log file as an email attachment to [email protected] mentioning your forum post.

https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace


Regards
ComponentSpace Development
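
How the default LoginCompletionUrl ("/Identity/Account/ExternalLogin?handler=Callback") and the default sign-in scheme (Identity.External) meet in ExternalLogin.cshtml.cs, as an added example that is not part of the original posts and is not ComponentSpace's code. It is a trimmed callback handler modelled on the standard ASP.NET Core Identity scaffold; `IdentityUser` as the user type, and the SAML handler supplying the external login information the scaffold expects, are assumptions.

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;

// Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs, trimmed to the callback path.
// IdentityUser is an assumption; substitute the application's own user type.
public class ExternalLoginModel : PageModel
{
    private readonly SignInManager<IdentityUser> _signInManager;

    public ExternalLoginModel(SignInManager<IdentityUser> signInManager)
    {
        _signInManager = signInManager;
    }

    // Razor Pages maps GET /Identity/Account/ExternalLogin?handler=Callback to this
    // method, so the default LoginCompletionUrl lands here after the SAML response
    // has been processed at the assertion consumer service path.
    public async Task<IActionResult> OnGetCallbackAsync(string returnUrl = null)
    {
        returnUrl = returnUrl ?? Url.Content("~/");

        // Reads the temporary cookie issued under IdentityConstants.ExternalScheme
        // ("Identity.External"), the default SignInScheme named in the reply above.
        ExternalLoginInfo info = await _signInManager.GetExternalLoginInfoAsync();
        if (info == null)
        {
            // No external identity was established: fail closed and restart login.
            return RedirectToPage("./Login", new { ReturnUrl = returnUrl });
        }

        // Succeeds only if this external login is already linked to a local account.
        // bypassTwoFactor: true follows the scaffold; use false to enforce local 2FA.
        var result = await _signInManager.ExternalLoginSignInAsync(
            info.LoginProvider, info.ProviderKey, isPersistent: false, bypassTwoFactor: true);

        if (result.Succeeded)
        {
            // LocalRedirect rejects non-local URLs, so returnUrl cannot send users off-site.
            return LocalRedirect(returnUrl);
        }
        if (result.IsLockedOut)
        {
            return RedirectToPage("./Lockout");
        }

        // Unknown external login: render the page so the user can register or link it.
        return Page();
    }
}
```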